RFC 8711 | IASA 2.0 | February 2020 |
Haberman, et al. | Best Current Practice | [Page] |
The IETF Administrative Support Activity (IASA) was originally established in 2005. In the years since then, the needs of the IETF evolved in ways that required changes to its administrative structure. The purpose of this RFC is to document and describe the IETF Administrative Support Activity, version 2.0 (IASA 2.0). It defines the roles and responsibilities of the IETF Administration LLC Board (IETF LLC Board), the IETF Executive Director, and the Internet Society in the fiscal and administrative support of the IETF standards process. It also defines the membership and selection rules for the IETF LLC Board.¶
This document obsoletes RFC 4071, RFC 4333, and RFC 7691.¶
This memo documents an Internet Best Current Practice.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8711.¶
Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
The IETF Administrative Support Activity (IASA) was originally established in 2005. In the years since then, the needs of the IETF evolved in ways that required changes to its administrative structure. The purpose of this document is to document and describe the IASA 2.0 structure.¶
Under IASA 2.0, the work of the IETF's administrative and fundraising tasks is conducted by an administrative organization, the IETF Administration LLC (IETF LLC). Under this structure, the IETF Administrative Oversight Committee (IAOC) is eliminated, and its oversight and advising functions transferred to the IETF LLC Board.¶
The IETF LLC provides the corporate legal home for the IETF, the Internet Architecture Board (IAB), and the Internet Research Task Force (IRTF), and financial support for the operation of the RFC Editor.¶
[IASA2RECS] discusses the challenges facing the original IASA structure as well as several options for reorganizing the IETF's administration under different legal structures. This document outlines how the chosen option is structured and describes how the organization fits together with existing and new IETF community structures.¶
Under IASA 2.0, most of the responsibilities that [RFC4071] assigned to the IETF Administrative Director (IAD) and the Internet Society (ISOC) were transferred to the IETF LLC and IETF Administration LLC Executive Director (IETF Executive Director). It is the job of the IETF LLC to meet the administrative needs of the IETF and to ensure that the IETF LLC meets the needs of the IETF community.¶
Eliminating the IAOC meant that changes were required in how trustees could be appointed to the IETF Trust. The details of how this is done are outside the scope of this document but are covered in [RFC8714].¶
This document obsoletes [RFC4071], which specified the original IASA, [RFC4333], which specified the selection guidelines and process for IAOC members, and [RFC7691], which specified terms for IAOC members.¶
The document does not propose any changes related to the standards process as currently conducted by the Internet Engineering Steering Group (IESG) and Internet Architecture Board (IAB) (see BCP 9 [RFC2026] and BCP 39 [RFC2850]). In addition, no changes are made to the appeals chain, the process for making and confirming IETF and IAB appointments (see BCP 10 [RFC8713]), the technical work of the Internet Research Task Force (IRTF) (see [RFC2014]), or to ISOC's membership in or support of other organizations.¶
The LLC Agreement between the IETF LLC and ISOC is available at [IETF-LLC-A]. This IASA 2.0 structure, and thus this document, depends on the LLC Agreement and will refer to it to help explain certain aspects of the legal relationship between the IETF LLC and ISOC.¶
The LLC Agreement was developed between legal representatives of the IETF and ISOC and includes all critical terms of the relationship, while still enabling maximum unilateral flexibility for the IETF LLC Board. The LLC Agreement includes only basic details about how the Board manages itself or manages IETF LLC staff, so that the Board has flexibility to make changes without amending the agreement. The Board can independently develop policy or procedures documents that fill gaps.¶
Although most of the terms, abbreviations, and acronyms used in this document are reasonably well known, first-time readers may find some terminology confusing. This section therefore attempts to provide a quick summary.¶
The IETF LLC is established to provide administrative support to the IETF. It has no authority over the standards development activities of the IETF.¶
The responsibilities of the IETF LLC are:¶
The manner by which these responsibilities under the IETF LLC are organized is intended to address the problems described in Sections 3.1.1, 3.1.2, and 3.1.3 of [IASA2RECS]. Specifically, this is intended to bring greater clarity around roles, responsibilities, representation, decision-making, and authority.¶
In addition, by having the IETF LLC manage the IETF's finances and conduct the IETF's fundraising, confusion about who is responsible for representing the IETF to sponsors and who directs the uses of sponsorship funds should be eliminated. Finally, having the IETF LLC reside in a defined, distinct legal entity, and taking responsibility for operations, enables the organization to execute its own contracts without the need for review and approval by ISOC.¶
The IETF LLC is expected to conduct its work according to the following principles:¶
The transparency and responsiveness principles are designed to address the concern outlined in Section 3.3 of [IASA2RECS] about the need for improved timeliness of sharing of information and decisions and seeking community comments. The issue of increased transparency was important throughout the IASA 2.0 process, with little to no dissent. It was recognized that there will naturally be confidentiality requirements about some aspects of contracting, personnel matters, and other narrow areas.¶
The principles of the relationship between the IETF and ISOC are outlined in [RFC8712]. In short, the IETF is responsible for the development of the Internet Standards and ISOC aids the IETF by providing it a legal entity within which the IETF LLC exists, as well as with financial support.¶
The IETF LLC Board is directly accountable to the IETF community for the performance of the IASA 2.0. However, the nature of the Board's work involves treating the IESG, IRTF, and IAB as major internal customers of the administrative support services. The Board and the IETF Executive Director should not consider their work successful unless the IESG, IRTF, and IAB are also satisfied with the administrative support that the IETF is receiving.¶
The IETF LLC Board is directly accountable to the IETF community for the performance of the IASA 2.0, including hiring and managing the IETF Executive Director. In extreme cases of dissatisfaction with the IETF LLC, the IETF community can utilize the recall process as noted in Section 6.7.¶
Anyone in the community of IETF participants may ask the Board for a formal review of a decision or action by the IETF Executive Director or Board if they believe this was not undertaken in accordance with IETF BCPs or IETF LLC Board policies and procedures.¶
A formal request for review must be addressed to the IETF LLC Board chair and must include a description of the decision or action to be reviewed, an explanation of how, in the requestor's opinion, the decision or action violates the BCPs or IASA 2.0 operational guidelines, and a suggestion for how the situation could be rectified.¶
The IETF LLC shall respond to such requests within a reasonable period, typically within 90 days, and shall publicly publish information about the request and the corresponding response and/or result.¶
Any major change to the IASA 2.0 arrangements shall require community consensus and deliberation and shall be reflected by a subsequent Best Current Practice (BCP) document.¶
The IETF LLC is led by an IETF Executive Director chosen by the Board. The IETF Executive Director is responsible for managing the day-to-day operations of the IETF LLC, including hiring staff to perform various operational functions. The IETF Executive Director and any staff may be employees or independent contractors.¶
Allowing for the division of responsibilities among multiple staff members and contractors is designed to address some of the concerns raised in Section 3.2 (Lack of Resources) and Section 3.4 (Funding/Operating Model Mismatch and Rising Costs) of [IASA2RECS].¶
Based on the amount of work previously undertaken by the IAD and others involved in the IETF administration, the design of the IETF LLC anticipated that the IETF Executive Director may need to hire multiple additional staff members. For example, resources to manage fundraising, to manage the various contractors that are engaged to fulfill the IETF's administrative needs, and to support outreach and communications were envisioned.¶
The IETF has historically benefited from the use of contractors for accounting, finance, meeting planning, administrative assistance, legal counsel, tools, and web site support, as well as other services related to the standards process (e.g., RFC Editor and IANA). Prior to making the transition from IASA to IASA 2.0, the IETF budget reflected specific support from ISOC for communications and fundraising as well as some general support for accounting, finance, legal, and other services. The division of responsibilities between staff and contractors is at the discretion of the IETF Executive Director and their staff.¶
The IETF has a long history of community involvement in the execution of certain administrative functions, in particular development of IETF tools, the operation of the meeting network by the Network Operations Center (NOC), and some outreach and communications activities conducted by the Education and Mentoring Directorate. The IETF LLC staff is expected to respect the IETF community's wishes about community involvement in these and other functions going forward as long as the staff feels that they can meet the otherwise-stated needs of the community. Establishing the framework to allow the IETF LLC to staff each administrative function as appropriate may require the IETF community to document its consensus expectations in areas where no documentation currently exists.¶
In summary, the IETF Executive Director, with support from the team that they alone direct and lead, is responsible for:¶
This section is intended to provide a summary of key IETF LLC Board responsibilities, but the precise and legally binding responsibilities are defined in the LLC Agreement [IETF-LLC-A] and applicable law. If there are unintentional differences or other confusion, the LLC Agreement and applicable law are authoritative.¶
Board members have fiduciary obligations imposed by the LLC Agreement and applicable law, including duties of loyalty, care, and good faith. The Board is responsible for setting broad strategic direction for the LLC, adopting an annual budget, hiring or terminating an IETF Executive Director (or amending the terms of their engagement), adopting any employee benefit plans, consulting the relevant IETF communities on matters related to the LLC as appropriate, approving any changes to the LLC governance structure, incurring any debt, and approving entering into agreements that meet a significant materiality threshold to be determined by the Board. The IETF LLC Board is expected to delegate management of day-to-day activities and related decision-making to staff.¶
Per Section 5(d) of the LLC Agreement and as also described in Section 4.4 of this document, the Board shall, as appropriate, act transparently and provide the IETF community with an opportunity to review and discuss any proposed changes to the IETF LLC structure prior to their adoption.¶
The role of the Board is to ensure that the strategy and conduct of the IETF LLC is consistent with the IETF's needs -- both its concrete needs and its needs for transparency and accountability. The Board is not intended to directly define the IETF's needs; to the extent that is required, the IETF community should document its needs in consensus-based RFCs (e.g., as the community did in [RFC8718]) and provide more detailed input via consultations with the Board (such as takes place on email discussion lists or at IETF meetings).¶
Key IETF LLC Board responsibilities include:¶
A goal of this Board composition is to balance the need for the IETF LLC to be accountable to the IETF community with the need for this Board to have the expertise necessary to oversee a small non-profit company. The Board is smaller than the previous IAOC and the other leadership bodies of the IETF, in part to keep the Board focused on its rather limited set of strategic responsibilities as noted in Section 5.2.¶
This board structure, with limited strategic responsibilities noted in Section 5.2 and limited size, together with the staff responsibilities noted in Section 5.1, is designed to overcome the challenges described in Section 3.1.4 of [IASA2RECS] concerning oversight. This establishes a clear line of oversight over staff performance: the IETF LLC Board oversees the IETF Executive Director's performance and has actual legal authority to remove a non-performing IETF Executive Director. The IETF Executive Director is responsible for the day-to-day operation of the IETF LLC.¶
Finally, the Board is expected to operate transparently, to further address the concern raised in Section 3.3 of [IASA2RECS]. The default transparency rule arrived at during the IASA 2.0 design process is detailed in Section 4.4. The Board will need to establish how it will meet that commitment.¶
The section outlines the composition of the IETF LLC Board, selection of IETF LLC Board Directors, and related details.¶
There is a minimum of 5 directors, which is expandable to 6 or 7. The IETF LLC Board is comprised of the following:¶
For the first slot listed above, the presumption is that the IETF Chair will serve on the board. At the IESG's discretion, another area director may serve instead, or exceptionally the IESG may run a selection process to appoint a director. The goal of having this slot on the board is to maintain coordination and communication between the board and the IESG.¶
As noted above, a maximum of two Directors may be appointed by the IETF LLC Board. They can obviously choose to appoint none, one, or two. These appointments need not be on an exceptional basis; they can be routine, and may occur at any time of the year since it is on an as-needed basis.¶
The appointment of a Board-appointed Director requires a two-thirds majority vote of the Directors then in office, and the appointee shall take office immediately upon appointment and IESG confirmation. The term of each appointment is designated by the Board, with the maximum term being three years, or until their earlier resignation, removal, or death. The Board may decide on a case-by-case basis how long each term shall be, factoring in the restriction for consecutive terms in Section 6.5.¶
The Board itself is expected to take an active role in recruiting potential new Directors, regardless of the process that may be used to appoint them. In particular, the NomCom is primarily focused on considering requirements expressed by the Board and others, reviewing community feedback on candidates, conducting candidate interviews, and ultimately appointing Directors. The Board and others can recruit potential Directors and get them into the consideration process of the NomCom or into open consideration processes of the other appointing bodies if those bodies choose to use such processes.¶
The term length for a Director is three years. The exceptions to this guideline are:¶
A director may serve no more than two consecutive terms. A director cannot serve a third term until three years have passed since their second consecutive term. An exception is if a Director role is occupied by the IETF Chair ex officio, since that person's service is governed instead by the term lengths established in [RFC8713], Section 3.4.¶
The term limits specified above apply to an individual, even if that individual is appointed in different ways over time. For example, an individual appointed to two terms by the ISOC Board of Trustees may not immediately be appointed to a third term by the IETF NomCom. A Director appointed by the IETF LLC itself may only serve for one term by that appointment method, and any subsequent terms would have to be via other methods; in any case, the term limits above apply to that individual.¶
Lastly, partial terms of less than three years for the initial appointments to the first full Board, for which some Directors will have terms of one or two years, do not count against the term limit.¶
The limit on consecutive terms supports the healthy regular introduction of new ideas and energy into the Board and mitigates potential long-term risk of ossification or conflict, without adversely impacting the potential pool of director candidates over time.¶
The Internet Society Board of Trustees, the IESG, the Nominating Committee, and the IETF LLC Board are expected to coordinate with each other to ensure that collectively their appointment or selection processes provide for no more than three Directors' terms concluding in the same year.¶
NomCom-appointed and IESG-appointed Directors may be removed with or without cause. A vote in favor of removal must be no fewer than the number of Directors less two. So for example, if there are seven directors, then five votes are required. Directors may also be removed via the IETF recall process defined in [RFC8713], Section 7.¶
It shall be the responsibility of each respective body that appointed or selected a Director that vacates the Board to appoint a new Director to fill the vacancy. For example, if a Director selected by the NomCom departs the Board prior to the end of their term for whatever reason, then it is the responsibility of the NomCom (using its mid-term rules, as specified in [RFC8713], Section 3.5) as the original appointing body to designate a replacement that will serve out the remainder of the term of the departed Director. However, this obligation will not apply to vacancies in Board-appointed positions.¶
At all meetings of the Board, two-thirds of the Directors then in office shall constitute a quorum for the transaction of business. Unless a greater affirmative vote is expressly required for an action under applicable law, the LLC Agreement, or an applicable Board policy, the affirmative vote of two-thirds of the Directors then in office shall be an act of the Board.¶
Board decisions may be made either by vote communicated in a meeting of the Board (including telephonic and video), or via an asynchronous written (including electronic) process. Absentee voting and voting by proxy shall not be permitted. If a quorum is not present at any meeting of the Board, the Directors present may adjourn the meeting without notice, other than announcement at the meeting, until a quorum is present. Voting thresholds for Director removal are described in Section 6.7.¶
An initial interim Board was necessary in order to legally form and bootstrap the IETF LLC. As a result, an Interim Board was formed on a temporary basis until the first full Board was constituted.¶
The interim Board was comprised of:¶
Following the formation of the first permanent Board, and annually thereafter, the Directors shall elect a Director to serve as Board Chair by majority vote. The IETF, IAB, and IRTF chairs, and the chair of ISOC's Board, will be ineligible for this Board Chair role. The Board may also form committees of the Board and/or define other roles for Board Directors as necessary.¶
The IETF LLC must function within a budget of costs balanced against limited revenues. The IETF community expects the IETF LLC to work to attain that goal, in order to maintain a viable support function that provides the environment within which the work of the IETF, IAB, IRTF, and RFC Editor can remain vibrant and productive.¶
The IETF LLC was generating income from a few key sources at the time that this document was written, as enumerated below. Additional sources of income may be developed in the future, within the general bounds noted in Section 7.8, and some of these may decline in relevance or go away. As a result, this list is subject to change over time and is merely an example of the primary sources of income for the IETF LLC at the time of this writing:¶
As noted in Section 5.2, the IETF LLC must comply with relevant tax laws, such as filing an annual IRS Form 990. Other official financial statements may also be required.¶
In addition to these official financial statements and forms, the IETF LLC is also expected to report on a regular basis to the IETF community on the current and future annual budget, budget forecasts vs. actuals over the course of a fiscal year, and on other significant projects as needed. This regular reporting to the IETF community is expected to be reported in the form of standard financial statements that reflect the income, expenses, assets, and liabilities of the IETF LLC.¶
The IETF LLC maintains its own bank account, separate and distinct from ISOC. The IETF LLC may at its discretion create additional accounts as needed. Similarly, the IETF LLC may as needed create investment accounts in support of its financial goals and objectives.¶
The IETF LLC is expected to retain and work with an independent auditor. Reports from the auditor are expected to be shared with the IETF community and other groups and organizations as needed or as required by law.¶
ISOC currently provides significant financial support to the IETF LLC. Exhibit B of the [IETF-LLC-A] summarizes the financial support from ISOC for the foreseeable future. It is expected that this support will be periodically reviewed and revised, via a cooperative assessment process between ISOC and the IETF LLC.¶
Meeting revenues are another important source of funding that supports the IETF, coming mainly from the fees paid by IETF meeting participants. The IETF Executive Director sets those meeting fees, in consultation with other IETF LLC staff and the IETF community, with approval by the IETF LLC Board. Setting these fees and projecting the number of participants at future meetings is a key part of the annual budget process.¶
Sponsorships and donations are an essential component of the financial support for the IETF. Within the general bounds noted in Section 7.8, the IETF LLC is responsible for fundraising activities in order to establish, maintain, and grow a strong foundation of donation revenues. This can and does include both direct financial contributions as well as in-kind contributions, such as equipment, software licenses, and services.¶
Sponsorships and donations to the IETF LLC do not (and must not) convey to sponsors and donors any special oversight or direct influence over the IETF's technical work or other activities of the IETF or IETF LLC. This helps ensure that no undue influence may be ascribed to those from whom funds are raised, and so helps to maintain an open and consensus-based IETF standards process.¶
To the extent that the IETF LLC needs to undertake any significant special projects for the IETF, the IETF LLC may need to fundraise distinctly for those special projects. As a result, the IETF LLC may conduct fundraising to support the IETF in general as well as one or more special fundraising efforts (which may also be accounted for distinctly and be held in a separate bank account or investment, as needed).¶
The IETF LLC exists to support the IETF, IAB, and IRTF. Therefore, the IETF LLC's funding and all revenues, in-kind contributions, and other income that comprise that funding shall be used solely to support activities related to the IETF, IAB, IRTF, and RFC Editor, and for no other purposes.¶
When the IETF LLC conducts fundraising, it substantiates charitable contributions on behalf of ISOC -- meaning that according to United States tax law, the IETF LLC must send a written acknowledgment of contributions to donors. The IETF LLC evaluates and facilitates state, federal, and other applicable law and regulatory compliance for ISOC and/or the LLC with respect to such fundraising activities. In addition, the IETF LLC ensures that all fundraising activities are conducted in compliance with any policies developed by the IETF LLC, including but not limited to those noted in Section 8.¶
An initial target operating reserve has been specified in Exhibit B of the [IETF-LLC-A]. It says that the IETF LLC should maintain an operating reserve equal to the IETF LLC's budgeted Net Loss for 2019 multiplied times three. The IETF LLC, in cooperation with ISOC, may regularly review the financial target for this reserve fund, as noted in the [IETF-LLC-A] or as otherwise necessary.¶
Should the IETF LLC generate an annual budget surplus, it may choose to direct all or part of the surplus towards the growth of the operating reserve.¶
As noted in Section 4.3, the IETF LLC is responsible for managing the IETF's finances and budget. A key part of this responsibility is establishing, maintaining, and successfully meeting an annual budget. This is essential to the continued operation and vibrancy of the IETF's technical activities and establishes trust with ISOC, sponsors, and donors that funds are being appropriately spent, and that financial oversight is being conducted properly. This is also essential to the IETF LLC meeting applicable legal and tax requirements and is a core part of the Board's fiduciary responsibilities.¶
As explained in Section 5.1, the IETF Executive Director is expected to develop, execute, and report on the annual budget. Regular reporting is expected to include forecast vs. budget statements, including updated projections of income and expenses for the full fiscal year.¶
The Board, as explained in Section 5.2, is expected to review and approve the budget, as well as to provide ongoing oversight of the budget and of any other significant financial matters.¶
The annual budget is expected to be developed in an open, transparent, and collaborative manner, in accordance with Section 4.4. The specific timeline for the development, review, and approval of the IETF LLC annual budget is established by the Board and may be revised as needed.¶
The Board is expected to maintain policies as necessary to achieve the goals of the IETF LLC, meet transparency expectations of the community, comply with applicable laws or regulations, or for other reasons as appropriate. All policies are expected to be developed with input from the IETF community. Some policies provided by ISOC and past policies developed by the previous IAOC may provide a useful starting point for the Board to consider.¶
The Board is expected to maintain a Conflict of Interest policy for the IETF LLC. While the details are determined by the Board, at a minimum such policy is expected to include the following:¶
The Board is expected to maintain additional policies for the IETF LLC as necessary, covering Directors, employees, and contractors, concerning issues such as:¶
The IETF LLC is expected to implement a compliance program to ensure its compliance with all applicable laws, rules, and regulations, including without limitation laws governing bribery, anti-terrorism sanctions, export controls, data protection/privacy, as well as other applicable policies noted in Section 8. In addition, actions and activities of the IETF LLC must be consistent with 501(c)(3) purposes.¶
The IETF LLC is expected to report to ISOC and the IETF community on the implementation of its compliance plan on an annual basis.¶
The IETF LLC, with the involvement of the community, shall conduct and complete an assessment of the structure, processes, and operation of IASA 2.0 and the IETF LLC. This should be presented to the community after a period of roughly three years of operation. The assessment may potentially include recommendations for improvements or changes to the IASA 2.0 and/or IETF LLC.¶
This document describes the structure of IASA 2.0. It introduces no security considerations for the Internet.¶
This document has no IANA considerations in the traditional sense. However, some of the information in this document may affect how the IETF standards process interfaces with the IANA, so the IANA may be interested in the contents.¶
Thanks to Jari Arkko, Richard Barnes, Brian E. Carpenter, Alissa Cooper, John C. Klensin, Bob Hinden, Jon Peterson, Sean Turner, and the IASA2 Working Group for discussions of possible structures, and to the attorneys of Morgan Lewis and Brad Biddle for legal advice.¶
Coauthor Hall performed work on this document before employment at the Internet Society, and his affiliation listed in this document is for identification purposes only.¶